It's possible to inject HTML text into mailto: reference.
vulners.com/securityvulns/securityvulns:doc:2766